User Authentication for Social Networks

ABSTRACT

Systems and methods are provided for social networks that can verify that enrolled users are not misrepresenting facts about themselves such as age and gender. Verification can be performed, for example, by reference to biometric templates stored during the user enrollment process. The biometric templates can also be used to authenticate users logging into the social network to prevent user impersonation. The ability of some users to communicate to other users of the social network can be limited to only certified users, and even to those certified users that match a criterion, such as gender or age.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No. 12/608,190 filed Oct. 29, 2009, also entitled “User Authentication for Social Networks,” and which claims the benefit of U.S. Provisional Patent Application 61/110,878 filed Nov. 3, 2008 and is also entitled “Identity Authentication for Social Networks,” both of which are incorporated herein by reference. This application also incorporates by reference U.S. patent application Ser. No. 12/119,617 filed May 13, 2008 and entitled “Multi-Channel Multi-Factor Authentication” and U.S. patent application Ser. No. 12/137,129 filed Jun. 11, 2008 and entitled “Single-Channel Multi-Factor Authentication.”

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates generally to the field of authentication and more particularly to authenticating users of social networks.

2. Description of the Prior Art

Social networking Internet sites (hereinafter “social networks”) such as MySpace and Facebook allow individuals to connect over the Internet for various purposes from business networking, to sharing common interests, to dating. Individuals generally have the ability to represent themselves however they choose, through these social networks, simply by creating an account and providing whatever details they would like to share with the other users of the social network.

While many individuals are honest in their self-representations, other individuals attempt to pass themselves off as being older or younger than they really are, or of a different gender, for example. Often, such misrepresentations are done for the purpose of taking advantage of other users of the social network, especially children, sometimes for criminal ends.

An additional problem that has arisen in social networks is the problem of impersonation, where someone gains unauthorized access to an existing account of a legitimate user. With the unauthorized access, the impersonator can post content and/or communicate with other users, typically in a manner that the legitimate user would find objectionable. Such impersonations can both damage the reputation of the legitimate user and harm other users.

SUMMARY

The present invention provides various social network systems. In an exemplary social network system, the system comprises both enrollment logic and authentication logic. The enrollment logic is configured to enroll users in the social network by associating each user with a unique user ID, by further associating a plurality of prompts with each user ID, and by further associating a plurality of biometric templates each with one of the plurality of prompts. The enrollment logic is further configured to receive an indication of each user's gender and/or age and verify each user's gender by analyzing a biometric template from the plurality of biometric templates associated with each user. In this way the enrollment logic can certify users. Users that do not wish to be enrolled in this manner may still be enrolled in the social network, but would not be treated as a certified user of the social network.

In various embodiments the enrollment logic is further configured to enroll users by receiving an indication of the user's age and verifying the user's age by analyzing the same biometric template that was used to verify the user's gender. In other embodiments, the enrollment logic is further configured to compare a biometric template of each user against a plurality of biometric templates of barred users, and to deny enrollment to any user based on a match between their biometric template and one of the plurality of biometric templates of a barred user.

The authentication logic of the exemplary system is configured to authenticate a claimant as a particular user by receiving a claimant target, sending a prompt from a plurality of prompts associated with the claimant target, receiving a biometric response to the prompt, and determining a match between the biometric response and a biometric template associated with the prompt. Various embodiments of the exemplary system further comprise logic configured to authenticate a first user to a second user by sending at least a portion of the biometric response of the first user, or at least a portion of a biometric template of the first user, to the second user.

The present invention also provides methods for maintaining a social network. An exemplary such method comprises enrolling users in the social network, wherein enrolling users includes storing in association with a user ID for each enrolled user a voice template, a facial recognition template, and either the user's gender or the user's age. The exemplary method further comprises certifying enrolled users by using their voice template or their facial recognition template to verify their gender and/or age, and indicating to users of the social network which other users are certified. The exemplary method can further comprise restricting some users to communicate only with certified users, such as those that meet a criterion like gender or age.

The present invention also provides methods for enrolling a user in a social network. An exemplary enrollment method comprises associating the user with a user ID, associating a plurality of prompts with the user ID, and associating a plurality of biometric templates each with one of the plurality of prompts. In various embodiments the method further comprises receiving an indication of the user's gender, age, or both, and then verifying the user's gender, age, or both by comparing the indication of the gender and/or age with a result of an analysis of a biometric template from the plurality of biometric templates. The comparison can be manual or automated in various embodiments.

In still other embodiments of the enrollment method, in addition to, or in the alternative to receiving and verifying age and/or gender, the enrollment method comprises comparing a biometric template of the plurality of biometric templates of the user against a plurality of biometric templates of barred users and denying enrollment to the user based on a match between the biometric template of the plurality of biometric templates and one of the plurality of biometric templates of the barred users.

The present invention also provides methods for preventing a first user from making certain misrepresentations in a social network. An exemplary method comprises enrolling the first user by associating the first user with a user ID, associating the user ID with a biometric template of the first user. The exemplary method also comprises providing a prompt to the first user, and storing a biometric response of the first user thereto in association with the user ID. The method further comprises receiving a request from a second user of the social network to authenticate the first user of the social network, and sending to the second user at least a portion of the biometric response of the first user, or at least a portion of the biometric template of the first user. In various embodiments the at least the portion of the biometric response or biometric template of the first user comprises at least a portion of a biometric login response.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a schematic representation of an exemplary environment for carrying out various methods described herein.

FIG. 2 is a flow-chart representation of an enrollment method according to an exemplary embodiment.

FIG. 3 is a flow-chart representation of an exemplary authentication method according to an exemplary embodiment.

FIG. 4 is a schematic representation of an authentication system according to an exemplary embodiment.

FIG. 5 is a flow-chart representation of an exemplary method for a claimant to be authenticated according to an exemplary embodiment.

FIG. 6 is a flow-chart representation of a method for preventing a user from making certain misrepresentations in a social network according to an exemplary embodiment.

FIG. 7 is a flow-chart representation of a method for maintaining a social network according to an exemplary embodiment.

DETAILED DESCRIPTION

The present disclosure is directed to systems and methods for authenticating users of social networks to prevent or at least deter impersonation and misrepresentation. Authentication for social networks can achieve these ends, according to the present invention, by the use of an authentication system that employs a number of security features in combination, including some biometric security features. These security features can be based, for example, on unique knowledge of the legitimate user, a unique thing that the user has, unique personal features and attributes of the user, the ability of the user to respond, and to do so in a fashion that a machine cannot, that only a fraction of the authentication information is made available in any one authentication attempt, and so forth.

The methods described herein comprise an initial enrollment and subsequent authentications. In the initial enrollment process, an enrollee user is associated with a user ID and that user ID is further associated with the address of a communication device for the user. The user is also asked to provide biometric samples in response to a plurality of different prompts. The prompts and responses are also associated with the user ID. After enrollment, a person seeking to be authenticated, termed a claimant herein, first submits a claimant target which can be the user ID or some other unique identifier from which the authentication system can infer the particular identity sought to be authenticated. One of the prompts associated with the user ID is then provided to the claimant, the claimant provides a biometric response to the prompt, and that response is compared to the biometric sample previously associated with that prompt. Within this simple framework a variety of security features can be effectively employed.

One such security feature is achieved through the use of biometrics which provides security based on the uniqueness of various personal features, attributes, and behaviors such as one's fingerprint, voice, eyes, face, genetic material, scent, signature, and so forth. Another security feature can be achieved through the use of responses to prompts which require the user's unique knowledge to respond correctly. In some instances, multiple pairs of prompts and responses are stored, though only one pair need be used for any authentication attempt. In these embodiments, another security feature is realized because only a fraction of the authentication information is made available in any one authentication attempt. Still another security feature can be achieved by implementing a rule that the same prompt from the plurality of prompts cannot be used in successive authentications. This rule makes it more difficult to record the biometric response from a legitimate authentication and replay that response in a fraudulent authentication attempt.

Yet another security feature can be achieved through the use of two channels of communication between the authentication system and the claimant. To complete the authentication, a second communication channel is established using the device address recorded during the enrollment process. The second channel is different from the communication channel over which the authentication system received the claimant target. Here, the prompt is provided to the claimant over the second channel, and/or the biometric response to the prompt is returned to the authentication system over the second channel. The use of the second channel to the device associated with the previously recorded device address makes fraudulent activity more difficult because a party seeking to perpetrate a fraud would need to have access to some unique thing that the enrolled user has, such as a cell phone. Still further security features, described in more detail below, can also be employed.
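The enrollment record, the rule against reusing a prompt in successive authentications, and prompt delivery over the second channel, sketched as an added example that is not part of the original text. The toy feature vectors, the cosine-similarity matcher, the 0.95 threshold and the device address are constructed stand-ins for a real biometric engine and delivery channel.

```python
import math
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

MATCH_THRESHOLD = 0.95  # assumed value; the text does not specify a threshold

# Constructed sample data: prompt -> toy "biometric template" vector.
SAMPLE_TEMPLATES: Dict[str, List[float]] = {
    "Say your mother's maiden name": [0.9, 0.1, 0.3],
    "Say the rhyme your daughter loves": [0.2, 0.8, 0.5],
    "Sign your name on the signature pad": [0.4, 0.4, 0.9],
}


@dataclass
class Enrollment:
    user_id: str
    device_address: str                 # second-channel address from enrollment
    templates: Dict[str, List[float]]   # one template per enrolled prompt
    last_prompt: Optional[str] = None   # prompt issued in the previous attempt


def similarity(a: List[float], b: List[float]) -> float:
    """Cosine similarity; a stand-in for a real biometric matcher."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


class AuthenticationSystem:
    def __init__(self, send_second_channel: Callable[[str, str], None]):
        self._users: Dict[str, Enrollment] = {}
        self._pending: Dict[str, tuple] = {}   # nonce -> (user_id, prompt)
        self._send = send_second_channel

    def enroll(self, user_id: str, device_address: str,
               templates: Dict[str, List[float]]) -> None:
        # Prompt rotation needs a plurality of prompts to choose from.
        if len(templates) < 2:
            raise ValueError("at least two prompts are required")
        self._users[user_id] = Enrollment(user_id, device_address, dict(templates))

    def begin(self, claimant_target: str) -> Optional[str]:
        """Claimant target arrives on the first channel; the prompt is sent
        only to the device address recorded at enrollment."""
        user = self._users.get(claimant_target)
        if user is None:
            return None
        # Never issue the prompt used in the previous attempt, so a recording
        # of the last response does not answer the next challenge.
        candidates = [p for p in user.templates if p != user.last_prompt]
        prompt = secrets.choice(candidates)
        user.last_prompt = prompt   # recorded at issue time, even if abandoned
        nonce = secrets.token_hex(16)
        self._pending[nonce] = (user.user_id, prompt)
        self._send(user.device_address, prompt)
        return nonce

    def complete(self, nonce: str, response: List[float]) -> bool:
        """Compare the response with the template tied to the issued prompt."""
        challenge = self._pending.pop(nonce, None)   # each challenge is single-use
        if challenge is None:
            return False
        user_id, prompt = challenge
        template = self._users[user_id].templates[prompt]
        return similarity(response, template) >= MATCH_THRESHOLD


if __name__ == "__main__":
    outbox = []  # constructed stand-in for the second channel (e.g. a phone)
    system = AuthenticationSystem(lambda addr, p: outbox.append((addr, p)))
    system.enroll("alice", "+1-555-0100", SAMPLE_TEMPLATES)
    nonce = system.begin("alice")
    addr, prompt = outbox[-1]
    print(addr, "<-", prompt)
    print("authenticated:", system.complete(nonce, SAMPLE_TEMPLATES[prompt]))
```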

Within the context of a social network, the invention can be used to prevent both impersonations and misrepresentations. Turning first to the problem of impersonation, the invention can prevent a claimant from accessing the account of another user without the authorization of that user in order to impersonate that user. In a social network that implements the present invention, a user can choose to disclose their true identity or remain anonymous and only be identified by a screen name, for example. In either instance, however, the present invention assures that only the legitimate user can access their account and post content and communicate with others from that account. An impersonator that approaches the social network as a claimant will be prevented from logging into any account that the claimant is not authorized to access.

According to the present invention, impersonation in social networks is prevented by requiring that users go through a brief enrollment process in which biometric templates such as facial recognition and voice templates are stored. In the enrollment process, some of these biometric templates are associated with prompts, as described above. Subsequently, when a claimant seeks to access an existing account, the claimant is authenticated either using a multi-channel multi-factor authentication process, or using a single-channel multi-factor authentication process as described in U.S. patent application Ser. Nos. 12/119,617 and 12/137,129, respectively.

Turning next to the problem of misrepresentations in a social network, during the enrollment process users can make certain representations about themselves, whether they disclose their true identity or remain anonymous behind a fabricated screen name. Such representations include gender, age, race, hair color and so forth. Embodiments of the present invention allow certain representations to be authenticated. Users that are willing to have their representations verified by the social network, in some embodiments, are classified as certified users. Certified and uncertified users represent two classes of users in the social network, and the two classes can be afforded different rights and subjected to different rules by the social network.

For instance, the enrollment process can comprise an enrollee speaking to a video camera in response to a prompt. Here, the authentication system 110 is able to capture both a facial recognition template and a voice template of the enrollee. The social network can then attempt to verify representations made during the enrollment process against these biometric templates. In this way, a middle aged sexual predator cannot easily misrepresent himself as a teenage girl, for example.

Verifications of representations made during the enrollment process, or subsequently, can be performed manually or automatically. For example, a person acting on behalf of the social network can manually compare age and gender representations made by an enrollee against the enrollee's facial recognition template and make a determination as to whether the enrollee is making false representations. Some automated systems, such as VoiceVault, are able to estimate a person's age and determine the person's gender based on voice samples. Accordingly, the authentication system 110 can be configured to automatically screen enrollees to verify age and gender representations. Representations that fail the screen, in some cases, can be reviewed by a person acting on behalf of the social network.

As already noted, in some embodiments, a social network that screens enrollees for misrepresentations can classify those users that pass the screening as certified users. In some social networks, submission to the screening process is optional so that an enrollee can opt to become a certified user or not, either at the time of enrollment or subsequently. In those embodiments in which certification is optional, users can be enticed to become certified, for example, through rate reductions, special offers, or the availability of additional features and/or services that are made available only to certified users.

Certified users can be identified as such to other users of the social network, in some embodiments, for example with a frame around a profile picture. Additionally, where a social network has a sub-population of certified users, the social network can offer parental controls that limit contact to only certified users, and further, to only those certified users that fit one or more criteria. In this way, a parent can limit a child's access through a social network to only those certified users that are girls under the age of 20, for example.

Within the context of a social network, the invention can also allow one user to authenticate a certified user to help the first user assess the certified user's trustworthiness before accepting messages, communications, content, or the like. For example, stored biometric templates or subsequent biometric responses to prompts made by the certified user can be viewed, in whole or in part, by other users before accepting contact or content from the certified user. For instance, when a user (certified or not) receives an invitation to join a group or share photographs, the social network can make available selected portions of a login video, for instance, of the certified user that is extending the invitation.

It should be appreciated that empowering social network users to assess the trustworthiness of other users through stored biometric templates or biometric responses affords users an opportunity to see and hear another user and make a more informed judgment as to whether to engage the other user. The social network, in some embodiments, provides a mechanism by which a user can report suspected frauds or misrepresentations, either to the social network itself, and/or to other users, and/or to police.

Beyond the actual preventative actions noted above, the present invention can also have a deterrent effect on those seeking to either misrepresent themselves or impersonate others within a social network. Enrollment and authentication logic (see FIG. 4, below) can each be configured to require that the enrollee, or claimant, provide a video image and can be further configured to notify the enrollee or claimant that the biometric information being submitted is being recorded and stored. Thus, the enrollee or claimant is on notice that his image, and other biometric data such as voice samples, are being recorded and can be used like fingerprints from a crime scene to help identify the enrollee or claimant should the social network be used for illegal purposes. While such notice alone may not bar a claimant from making misrepresentations or attempting to impersonate another user, as noted elsewhere herein, such notice can provide a powerful deterrent against trying.

FIG. 1 shows an exemplary environment 100 for carrying out various methods described herein. The environment 100 comprises an authentication system 110 in communication with a first device 120 over a first communication channel 130, and in communication with a second device 140 over a second communication channel 150. The authentication system 110 can comprise one or more servers, data storage devices, workstations, and the like, networked together and configured to perform the functions described herein. The authentication system 110 is preferably implemented in a secure environment to prevent both external and internal tampering. In some embodiments, the authentication system 110 is part of a social network computing system, such as the computing systems that provide the functionality of a social network (like FaceBook and MySpace) to its users. The authentication system 110 is configured to implement authentications, described in more detail with respect to FIG. 3, and in some embodiments the authentication system 110 is also configured to implement user enrollment. Alternatively, enrollment can be implemented by a separate system in communication with the authentication system 110. The enrollment process is described in detail with respect to FIG. 2.

To implement an authentication, in various embodiments, the authentication system 110 receives a claimant target from the first device 120, sends a prompt to the second device 140, receives a biometric response from either the first device 120 or the second device 140, and compares the biometric response with the biometric sample that was previously associated with the prompt. Biometric responses, as well as biometric samples which are also referred to herein as biometric signatures or biometric templates, are discussed in greater detail below. Upon completion of a successful authentication, the authentication system 110 may communicate the successful result to either or both of the authenticated user and other parties to a transaction. The authentication system 110 is discussed further with respect to FIG. 4.

The first device 120 is a communication device that can communicate a claimant target to the authentication system 110. Exemplary first devices 120 include servers, personal computers (PCs), laptops, personal digital assistants (PDAs), cell phones, smart phones (such as Treos, BlackBerries, etc.), kiosks, and so forth. The claimant target can simply be, for example, the user ID associated with the user during the enrollment process. The claimant target can also be a biometric input that has been associated with the user ID, such as a scan of a fingerprint. A biometric input can be indistinguishable from a biometric response (e.g., both can be an iris scan), but are referred to herein by separate terms to distinguish between their uses in the various methods. In other words, a biometric input is used as a claimant target to indicate the identity sought to be authenticated, while a biometric response is provided in response to a prompt sent from the authentication system to authenticate the claimant.

In those instances where the claimant target is a string of alphanumeric characters, an e-mail address, or the like, the first device 120 can comprise a keypad, keyboard, touch-sensitive screen, or the like on which the claimant target can be entered. Where the claimant target is a biometric input, the first device 120 can comprise a camera capable of taking still images and/or providing video images. The first device 120 can also include other biometric entry devices such as a touch pad for recording signatures, an iris scanner, a fingerprint reader, and so forth. Biometric inputs and responses are discussed in greater detail below.

It should be noted that in some instances the claimant sends the claimant target from the first device 120, while in other instances another party to the transaction, such as a merchant, a financial institution, or another individual sends the claimant target to/from the first device 120. Thus, in the former situation the first device 120 may be a device in the claimant's home, such as a PC, interactive TV system, gaming console, or the like, or a hand-held device that the claimant carries, such as a smart phone or PDA. The claimant can also send the claimant target from a first device 120 such as a kiosk or a terminal in a retail store, for example. In the latter situation, where the other party sends the claimant target, the first device 120 may be physically remote from the claimant, such as a web server (this is sometimes referred to as a Cardholder-Not-Present (CNP) transaction environment). In some of these embodiments, the first device 120 stores the claimant target (e.g., an on-line retailer can store the claimant targets of registered shoppers for their convenience) or receives the claimant target from the claimant at the beginning of the authentication process. In still other embodiments, the first device 120 can be a surveillance station, such as a closed-circuit TV (CCTV) camera, that sends a video feed to the authentication system. The video feed includes images of faces of people, and those images constitute claimant targets. As one example, a store can monitor people entering through a door and begin the authentication process for quicker and easier checkout.

The second device 140 is something the enrolled user possesses, or at least has ready access to. Exemplary second devices 140 include cell phones, PDAs, smart phones, pagers, PCs, home phones, etc. The second device 140 is something that is unique to the user in as much as the second device 140 is characterized by a unique device address such as a phone number, IP address, URL, e-mail address, etc. In various embodiments, the second device 140 is able to receive and render a prompt from the authentication system 110 and/or transmit a response thereto. The prompt can be provided by the second device 140 visually, aurally, or in combination, for example. For instance, the prompt can be displayed as a text message, a verbal command or cue, an audio clip, a video clip, etc. In some instances, the second device 140 can be used by the claimant to provide the biometric response to the authentication system 110. Towards this end, the second device 140 can include a camera capable of taking still images and/or providing video images. The second device 140 may also include other biometric entry devices such as the ones noted above.

It should be appreciated that the use of still images or video images as the biometric response for authentication purposes provides a powerful security feature, in some embodiments. In particular, part of the prevalence of identity theft and electronic fraud lies in the anonymity associated with electronic transactions. It is a very strong deterrent to such malfeasance, however, to have to expose one's face to surveillance in order to perpetrate the fraudulent activity. With the advent of readily available and inexpensive webcams and cameras on cell phones, for example, the widespread implementation of a system that employs video for biometric responses becomes practical.

This is especially useful for social networks, where a need has existed since the inception of on-line communities for the ability for users to positively authenticate one another. Presently, the typical login system that requires a combination of a username and a password does not provide positive authentication of users to the extent that one user cannot tell whether the other user is misrepresenting themselves or impersonating another. Thus, even if a user of a social network chooses to employ a screen name and otherwise remain anonymous (i.e., not positively identified), the user still records biometric responses that allow the person to log back into the social network, and that can optionally be shown to other users and/or used to prevent the login and the re-enrollment of users that should become barred from the social network. Thus, the present invention provides social networks the ability to positively authenticate users at login, allows users the ability to positively authenticate each other, and allows the social network the ability to exclude users that violate rules, for example.

The first and second communication channels 130, 150, extend between the authentication system 110 and the first and second devices, 120, 140, respectively. The first and second communication channels 130, 150 can be fully duplexed and can each comprise connections made through networks, represented generally by clouds in FIG. 1, such as the public switched telephone network (PSTN), wireless telephone networks, the Internet, wide area networks (WANs) and local area networks (LANs). It should be noted that although each of the first and second communication channels 130, 150 are represented in FIG. 1 as connecting through only one such cloud, either communication channel 130 or 150 can comprise a connection through more than one network and both communication channels 130 and 150 can cross the same network.

It will also be understood that the authentication system 110 can comprise further channels to facilitate communications with other parties to a transaction with a claimant. As described more fully below, a merchant may request an authentication over a third channel (not shown), the authentication then proceeds over the first and second channels 130 and 150 between the claimant and the authentication system 110, and then confirmation of the authentication is sent to the merchant over the third channel.

FIG. 2 illustrates an exemplary method 200 for enrolling a user, for example, into an on-line community such as a social network. The method 200 comprises a step 210 of associating a user with a user ID, a step 220 of associating the user ID with a device address, a step 230 of associating the user ID with a plurality of prompts, and a step 240 of associating each of the plurality of prompts with a biometric template or signature of the user. The method 200 can also comprise, in some embodiments, a step of obtaining a biometric template of the user that is not associated with any of the prompts. The method 200 can be implemented, in some embodiments, by communicating with an enrollee user through a kiosk or over the Internet. It should be appreciated that method 200 can be fully performed by a computing system interacting with the enrollee user and does not require, in some embodiments, the intervention of a trusted individual acting on behalf of the on-line community.

In the step 210, the enrollee user is associated with a user ID. This can comprise, for example, assigning a unique numeric or alphanumeric code to the user, or having the user select a unique numeric or alphanumeric code. In some embodiments a password is optionally assigned to, or selected by, the user as an additional security feature. The user ID can also be, in some instances, a biometric template. For example, a file containing a list of features extracted from the user's fingerprint (i.e., a fingerprint template) is one such possible user ID. In some embodiments more than one user ID is associated with the user so that the user can seek authentication multiple ways, such as by entering a code or presenting a finger to a scanner, for example. Step 210 can further comprise providing the user with a token including the user ID, such as a magnetic swipe card, a fob, an RFID tag, etc.

As described in the subsequent steps of the method 200, the user ID is further associated with additional information pertaining to the enrollee user. The user ID and such further information can be stored as records in relational databases, or in other data storage configurations, for later retrieval during an authentication. In addition to the information described below in steps 210-250, other information that can be associated with the user ID through the enrollment method 200 includes addresses, spending limits, access levels, and other third party management information system attributes. Such additional information can be stored locally, or can constitute a link or pointer to a record in an external database.

In step 220 a device address is associated with the user ID. The device address is unique to a communication device that the user has, or has ready access to, such as the second device 140 (FIG. 1). Step 220 can include receiving the device address from the user, for example, where the user enters the device address into a text box in an on-line enrollment form. In some embodiments, receiving the device address from the user comprises reading the device address directly from the communication device. In some instances, where the user has more than one communication device, a device address for each can be associated with the user ID.

The user ID is further associated with a plurality of prompts in step 230. The prompts can include common prompts such as “Say your mother's maiden name,” and “Sign your name on the signature pad.” In some embodiments, the user selects some or all of the plurality of prompts from a list of predefined prompts such as the common prompts noted above. The prompts selected by the user are then associated with the user ID. In other embodiments, a plurality of predefined prompts is automatically assigned to the user. In some embodiments, still other prompts that can be associated with the user ID are personalized prompts. As used herein, a personalized prompt is a prompt created by the user, for example, “Say the rhyme your daughter loves.” The personalized prompts can be recorded in the user's own voice, or entered as text, for example. The number of prompts in the plurality of prompts can be two or more, but preferably is a number that strikes a balance between the security offered by greater numbers of prompts and the burden on the user to enroll large numbers of prompts and associated responses. In some embodiments, the number of prompts is 5, 6, 7, 8, 9, or 10 at the time of enrollment, and may be increased subsequently.

It should be appreciated that the use of a personalized prompt for authentication purposes provides a powerful security feature, in some embodiments. In particular, part of the prevalence of identity theft and electronic fraud lies in the availability of information through contracts and electronic databases. Prompts including questions such as “what is your mother's maiden name?” and “what is the name of your youngest sibling?” are easily discovered through contracts or Internet searches. A personalized prompt such as “color of my teenage dream car” is not readily known, and its response cannot be easily identified even by a spouse. With the increase in identity theft and a significant part of identity theft being perpetrated by family members, personalized prompts present a significant hurdle for even a person's closest associates.

In step 240 each of the plurality of prompts is associated with a biometric template of the enrollee user. For example, where the prompt is an instruction to say some word or phrase, the biometric template can be a voice template derived from the user saying the word or phrase. Here, associating the prompt with the biometric template can include providing the prompt to the user and receiving audio data (e.g., a .wav file) of the user's response. Associating the prompt with the biometric template can further include, in some instances, processing the received audio data to extract the biometric template. The biometric template can be, in some embodiments, a filtered or enhanced version of the originally received audio data, such as with background noise removed, or averaged over multiple repetitions by the user. The biometric template can also include a set of markers or values derived from the audio data.

Other examples of biometric templates include fingerprint templates derived from users' fingerprints; signature templates derived from users' signatures, and in some instances also derived from aspects of the act of creating the signature such as rate and pressure of the writing implement as a function of time; facial recognition templates derived from still or video images of users' faces; iris scan templates derived from users' iris scans; and so forth. A biometric template can also comprise an unprocessed biometric response, such as a .wav file of the user's voice, a .jpg file of an image of the user's face, etc. Both biometric templates and prompts can be stored in association with the user ID in a database, for example.

It will be appreciated that the biometric template associated with any particular prompt need not make sense to anyone other than the user, adding still another security feature in some cases. For example, the user can create the prompt “Monday morning” and associate with that prompt a biometric template derived from saying “marvelous marigolds.” Even if someone were to sample enough of the user's voice to reasonably model the user's voice, it would be virtually impossible to know the correct response to the particular prompt.

In some embodiments step 240 includes the use of voice recognition. Voice recognition is distinguished here from voice identification in that voice recognition can distinguish spoken words independent of the speaker, whereas voice identification associates the individual with the acoustics of the phrase without regard for the meaning of the words spoken. Thus, for instance, a user can create a personalized prompt by saying a phrase and then voice recognition can be employed by the authentication system to extract the phrase from a recording of the user saying the phrase. The extracted phrase can then be stored as the biometric template, as a component of the biometric template, or as a completely separate record. Likewise, the system can prompt the user to say a few randomly selected words and use voice recognition to verify those words were spoken. In addition, voice identification (biometric comparison) can be applied to the same sample to ensure that the user spoke the randomly selected words, thus verifying authenticity of the response.

Step 250 is an optional step that comprises obtaining a biometric template of the user that is not associated with any of the prompts. For example, enrolling the user can comprise capturing a digital image of the user's face. The image can be associated with the user ID but not with any particular prompt. Should the user have problems with a subsequent authentication and end up speaking with a live operator, provided that the communication with the live operator is over a video conference or something similar, then the operator can compare the stored digital image of the user's face with the image of the claimant. Additionally, method 200 can optionally comprise associating additional user information with the user ID. Examples of additional user information include home address, home phone number, credit card numbers, system preferences and user settings, and so forth.

In some embodiments, the enrollment method 200 optionally includes a step 260 of verifying the gender of the enrollee user. Step 260 can comprise, in some embodiments, receiving an indication of the enrollee user's gender, and comparing the indication with the result of an analysis of a biometric template from the plurality of biometric templates. An example of an indication of the enrollee user's gender can be, for example, a representation of gender made through an on-line enrollment form. Some automated systems, such as VoiceVault, are able to determine a person's gender based on voice samples. An analysis by such an automated system of a voice sample, such as a biometric voice template made by the enrollee user, yields a result, either male or female, that can be compared against the indication of gender to verify the gender. In the alternative to the automated analysis, a manual comparison can be performed in step 260 in which a human evaluates the biometric template for gender and compares the result to the indication of gender from the enrollee user.

In some embodiments, the enrollment method 200 optionally includes a step 270 of verifying the age of the enrollee user. Step 270 can comprise, in some embodiments, receiving an indication of the enrollee user's age, and comparing the indication with the result of an analysis of a biometric template from the plurality of biometric templates. An example of an indication of the enrollee user's age can be, for example, a representation of age made through an on-line enrollment form. Some automated systems, such as VoiceVault, are able to estimate a person's age based on voice samples. An analysis by such an automated system of a voice sample, such as a biometric voice template made by the enrollee user, yields a result, such as an age range, that can be compared against the indication of age to verify the age. In the alternative to the automated analysis, a manual comparison can be performed in step 260 in which a human evaluates the biometric template for age and compares the result to the indication of age from the enrollee user.

Yet another optional step 280 comprises verifying that the enrollee user has not been barred from the social network. For example, step 280 can comprise comparing a biometric template of the plurality of biometric templates of the first user against a plurality of biometric templates of barred users. If the result of the comparison is a match, indicating that the enrollee user is the same individual as one who has previously been barred from the social network, then enrollment can be denied to the enrollee user based on the match.

FIG. 3 illustrates an exemplary method 300 for authenticating a claimant, such as a user of a social network seeking to log back in to their account. The method 300 comprises a step 310 of receiving a claimant target over a first channel, a step 320 of retrieving a device address associated with the user ID, an optional step 330 of selecting a prompt from a plurality of prompts where each of the plurality of prompts is associated with a biometric template of a user, and a step 340 of sending a prompt, such as the prompt selected in step 330, over a second channel to a device associated with the device address. The method 300 further comprises a step 350 of receiving a biometric response to the prompt, and a step 360 of determining a match between the biometric response and a biometric template associated with the prompt sent over the second channel.

In step 310 a claimant target is received over a first channel. In some embodiments the claimant target comprises a user ID, while in other embodiments the method 300 further comprises determining the user ID from the claimant target. In some embodiments where the claimant target comprises the user ID, the user ID can be a numeric or alphanumeric character string, for example, such as an e-mail address or a user name selected by an enrollee user during the enrollment method 200 (FIG. 2). In other embodiments where the claimant target comprises the user ID, the user ID is a template such as a fingerprint template or an iris scan template. As one example, a fingerprint scanner on a kiosk scans the claimant's fingerprint, reduces the scan to a fingerprint template, and then sends the template to the authentication system which receives the template as the claimant target.

As noted previously, in some instances the claimant target is not the user ID itself, and in these embodiments the method 300 further comprises determining the user ID from the claimant target. Returning to the prior example of the claimant at the kiosk, the kiosk could instead transmit to the authentication system the scan of the fingerprint without further processing. Here, the authentication system would further determine the user ID from the claimant target by reducing the scan to the fingerprint template.

In some embodiments, step 310 also comprises receiving an authentication request, which in some embodiments precedes receiving the user ID and in some embodiments includes the user ID. For example, a claimant seeking to complete a transaction with another party can send an authentication request including her user ID to the authentication system. Similarly, the authentication request, including the user ID, may come from another party, such as a merchant. In still other embodiments, either the claimant or the other party to the transaction can make the request for authentication and subsequently the claimant is prompted by the authentication system to submit the user ID. It should be noted that in some embodiments the claimant also supplies a password with the user ID, while in other embodiments a password is not required. Thus, in these latter embodiments, step 310 specifically does not comprise receiving a password.

After step 310, a device address associated with the user ID is retrieved in step 320. The device address can be retrieved, for example, from a database that associates device addresses with user IDs. Step 320 can also comprise retrieving a record associated with the user ID, where the record includes one or more device addresses as well as other information such as prompts and biometric templates.

In optional step 330 a prompt is selected from a plurality of prompts, where each of the plurality of prompts has a biometric template of the claimant associated therewith. In some embodiments, the plurality of prompts is ordered, say from first to last, and the act of selecting the prompt simply comprises identifying the next prompt in the order based on the last prompt used. Other embodiments employ randomization algorithms. A rule can be implemented, in some embodiments, that the same prompt from the plurality of prompts cannot be used in successive authentications. Similar rules can be implemented to prevent the same prompt from being employed twice within any three authentications, and so forth. Yet another rule that can be implemented applies where several of the biometric templates each include voice data comprising at least two syllables. Here, the rule requires that the same two syllables used in one authentication cannot be used in the next subsequent authentication.
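The randomized selection and no-repeat rules of step 330 can be sketched as follows. This is an added illustration, not code from the application; the class and function names, the use of Python's `secrets` module, and the sample prompt list are assumptions.

```python
import secrets
from collections import deque


class PromptSelector:
    """Random prompt selection with a no-repeat rule (step 330).

    window=2: the same prompt is never used in successive authentications.
    window=3: the same prompt is never used twice within any three.
    """

    def __init__(self, prompts, window=3):
        unique = list(dict.fromkeys(prompts))  # drop duplicates, keep order
        if not unique:
            raise ValueError("at least one enrolled prompt is required")
        if window < 1:
            raise ValueError("window must be >= 1")
        self.prompts = unique
        # A window larger than the pool would leave nothing eligible, so it
        # is capped. With a single prompt there is nothing to select.
        self.window = min(window, len(unique))
        # Prompts used in the last (window - 1) authentications are barred.
        self.recent = deque(maxlen=self.window - 1)

    def eligible(self):
        barred = set(self.recent)
        return [p for p in self.prompts if p not in barred]

    def next_prompt(self):
        # secrets.choice draws from the OS CSPRNG, so someone who has seen
        # earlier prompts learns only which ones are currently barred.
        choice = secrets.choice(self.eligible())
        self.recent.append(choice)
        return choice


def violates_window(history, window):
    """Audit helper: True if a prompt repeats within `window` consecutive uses."""
    for i, prompt in enumerate(history):
        if prompt in history[max(0, i - window + 1):i]:
            return True
    return False


# Constructed sample prompts, reusing wording quoted in the text.
ENROLLED = [
    "Say your favorite movie",
    "Monday morning",
    "Color of my teenage dream car",
    "Say the rhyme your daughter loves",
    "Sign your name on the signature pad",
]

if __name__ == "__main__":
    selector = PromptSelector(ENROLLED, window=3)
    log = [selector.next_prompt() for _ in range(10)]
    for prompt in log:
        print(prompt)
    print("rule violated:", violates_window(log, 3))
```

Running `violates_window` over stored authentication logs gives an operator a way to confirm that the deployed selector is honouring the configured rule.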

In step 340, a prompt is sent over a second channel to a device associated with the device address. The device may be a cell phone, PDA, smart phone, PC, and so forth. In the limiting case where there is only a single prompt associated with the user ID, for example, the step 330 of selecting a prompt from a plurality of prompts is unnecessary and step 340 simply comprises sending the one prompt. Where the prompt is selected in step 330 from a plurality of prompts, step 340 comprises sending the selected prompt. In some instances, the prompt is sent in a text message according to the Short Message Service (SMS) communications protocol. In other embodiments, the prompt is delivered as a voice transmission such as an audio recording or as synthesized speech. The prompt can similarly comprise a video transmission. The prompt can also be sent as an e-mail or an Instant Message.

It should be noted that instructions can also be sent to the claimant, over either channel, in addition to the prompt. As one example, the claimant submits a claimant target over a first channel from a PC, and receives a prompt on her cell phone over a second channel. The prompt is a text message of the word “Rosebud.” An instruction can be sent over the first channel to be displayed on the PC such as “A prompt has been sent to you. After the red light appears on your screen, face the webcam and provide your response to the prompt.” Still another security feature lies in the fact that it is not readily apparent from an instruction how the prompt should be received. Someone intercepting the instruction would not readily know whether the prompt was sent to a web browser, in an e-mail, or to a mobile device, for example.

After step 340, a claimant receives the prompt and acts accordingly to produce some biometric response. For example, the claimant can speak to a microphone, present her face or another body part to a camera, make a gesture in front of a camera, press her finger on a fingerprint scanner, present her eye to a retinal scanner, write on a touch-sensitive pad, or combinations of these. The biometric response is therefore some product of the claimant's actions such as voice data, a fingerprint scan, retinal scan, or an image of the person's face or body part, for example. The biometric response can comprise unprocessed data, partially processed data, or can be completely reduced to a template, for example.

The method 300 further comprises the step 350 of receiving the biometric response to the prompt. The biometric response can be received from the same device that received the prompt, or in other embodiments from the same device that sent the claimant target. The biometric response may even be received from a third device over some third channel, in some embodiments.

Step 360 comprises determining a match between the biometric response and a biometric template associated with the prompt sent over the second channel. In a simple example, the biometric template comprises a facial recognition template of a user and the biometric response comprises a segment of streaming video that includes frames showing the claimant's face. Here, determining the match comprises extracting a facial recognition template of the claimant's face from the frames of the video segment and comparing that facial recognition template to the original facial recognition template of the user.

It will be appreciated, moreover, that step 360 can comprise matching more than one biometric template to the biometric response. For instance, in the above example, the segment of streaming video can also include the claimant saying a phrase. Here, a voice template can be extracted in addition to extracting a facial recognition template. In this example a match can be determined between a voice template and the voice in the video, and a match can be determined between a face template and the face in the video.

In various embodiments, determining the match between the biometric response and the biometric signature comprises determining a figure of merit that characterizes the agreement between the biometric response and the biometric template, and then comparing that figure of merit to a threshold. If the figure of merit exceeds the threshold, or in some instances equals or exceeds the threshold, then the match has been determined. Where more than one biometric template is compared to the biometric response, in some embodiments, a figure of merit for each biometric template is calculated and each figure of merit is compared to the relevant threshold.

In those embodiments where the biometric response comprises a vocal response from the claimant, determining the match between the biometric response and the biometric template in step 360 can comprise performing voice recognition on the biometric response to determine whether the correct word or words were spoken. Voice recognition has the benefit of being less computationally intensive than voice identification; therefore, a useful screen can be to employ voice recognition to determine whether the correct word or words are present in a biometric response.
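The match logic of step 360, combining the voice-recognition screen with a per-template figure of merit and threshold, can be sketched as follows. This is an added illustration, not code from the application: cosine similarity stands in for the unspecified figure of merit, the transcript is assumed to come from an external speech recogniser, and all names, vectors and thresholds are constructed.

```python
import math


def figure_of_merit(features, template):
    """Cosine similarity, an assumed stand-in for the figure of merit."""
    if len(features) != len(template):
        raise ValueError("feature vector and template differ in length")
    dot = sum(x * y for x, y in zip(features, template))
    norm = math.sqrt(sum(x * x for x in features)) * math.sqrt(
        sum(y * y for y in template))
    return dot / norm if norm else 0.0


def words_spoken(transcript, expected_phrase):
    """Voice-recognition screen: checks what was said, not who said it."""
    def normalise(text):
        return " ".join(text.lower().split())
    return normalise(transcript) == normalise(expected_phrase)


def determine_match(response, record, thresholds, inclusive=False):
    """Step 360 for one prompt.

    The cheap word check runs first; only then is each enrolled template
    compared against its own threshold. `inclusive` selects "equals or
    exceeds" instead of "exceeds".
    """
    result = {"match": False, "reason": "", "scores": {}}
    phrase = record.get("phrase")
    if phrase is not None:
        if not words_spoken(response.get("transcript") or "", phrase):
            result["reason"] = "recognition screen failed: wrong words"
            return result
    for modality, template in record["templates"].items():
        features = response["features"].get(modality)
        if features is None:
            result["reason"] = f"no {modality} data in response"
            return result
        score = figure_of_merit(features, template)
        result["scores"][modality] = score
        limit = thresholds[modality]
        passed = score >= limit if inclusive else score > limit
        if not passed:
            result["reason"] = f"{modality} figure of merit below threshold"
            return result
    result["match"] = True
    result["reason"] = "all templates matched"
    return result


# Constructed enrollment record and responses (illustrative values only).
RECORD = {
    "phrase": "marvelous marigolds",
    "templates": {"voice": [0.90, 0.10, 0.40],
                  "face": [0.20, 0.80, 0.50, 0.10]},
}
THRESHOLDS = {"voice": 0.95, "face": 0.90}
GENUINE = {
    "transcript": "Marvelous  marigolds",
    "features": {"voice": [0.88, 0.12, 0.41],
                 "face": [0.22, 0.79, 0.48, 0.12]},
}
IMPOSTOR_RIGHT_WORDS = {
    "transcript": "marvelous marigolds",
    "features": {"voice": [0.10, 0.90, 0.30],
                 "face": [0.20, 0.80, 0.50, 0.10]},
}
WRONG_WORDS = {"transcript": "monday morning",
               "features": GENUINE["features"]}

if __name__ == "__main__":
    for name, resp in [("genuine", GENUINE),
                       ("impostor, right words", IMPOSTOR_RIGHT_WORDS),
                       ("wrong words", WRONG_WORDS)]:
        print(name, determine_match(resp, RECORD, THRESHOLDS))
```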

If the match cannot be determined, an optional step of the method 300 comprises repeating method 300 beginning at step 320, preferably by selecting a different prompt in step 330 than in the previous iteration. Another optional step if the match cannot be determined comprises establishing a live interview between the claimant and a customer service representative. The customer service representative, in some instances, has the authority to authenticate the claimant based on the interview. As noted previously, the customer service representative may be able to employ biometric templates that are not associated with any of the prompts to decide whether to authenticate the claimant.

FIG. 4 shows an exemplary embodiment 400 of the authentication system 110 (FIG. 1). The authentication system 400 of FIG. 4 comprises logic 410 configured to enroll users, login authentication logic 420 configured to authenticate claimants, and optionally inter-user authentication logic 430 configured to authenticate one user to another. In various embodiments, logics 410, 420, and 430 each can comprise hardware, firmware, software stored on a computer readable medium, or combinations thereof. Logics 410, 420, and 430 may include a computing system such as an integrated circuit, a microprocessor, a personal computer, server, distributed computing system, communication device, network device, or the like. For example, logics 410, 420, and 430 can be implemented by separate software modules executed on a common server. In other embodiments, logics 410, 420, and 430 can be implemented on different computing systems. Logics 410, 420, and 430 can also be at least partially integrated together.

The authentication system 400 can also comprise, as part of the logics 410, 420, and 430 or separate therefrom, volatile and/or non-volatile memory such as random access memory (RAM), dynamic random access memory (DRAM), static random access memory (SRAM), magnetic media, optical media, nano-media, a hard drive, a compact disk, a digital versatile disc (DVD), and/or other devices configured for storing digital or analog information. Logic 410 can comprise, for instance, volatile and/or non-volatile memory as the computer readable medium on which software is stored for performing the methods described herein. Other volatile and/or non-volatile memory can comprise databases or other means for maintaining information about enrolled users including prompts, biometric templates, biometric responses supplied in response to prompts, device addresses, and the like that are accessed by the logics 410, 420, and 430. Such information can be created and revised by login authentication logic 420 and accessed by enrollment logic 410 and inter-user authentication logic 430.

The authentication system 400 can also comprise communications logic (not shown) that allows the logics 410, 420, and 430 to communicate, for example, with the first device 120 (FIG. 1) over the first communication channel 130 (FIG. 1) and the second device 140 (FIG. 1) over the second communication channel 150 (FIG. 1). In some embodiments the communications logic allows the login authentication logic 420 to interface with multiple devices in parallel to support the simultaneous enrollment of multiple users. At the same time, the communications logic allows the logic 410 to independently interface with multiple other devices to support the simultaneous authentication of multiple claimants.

The enrollment logic 410 is configured to enroll a user by performing an enrollment method such as method 200 (FIG. 2). In an exemplary embodiment, the enrollment logic 410 is configured to associate the user with a user ID, associate the user ID with a device address, associate a plurality of prompts with the user ID, and associate a number of biometric templates each with one of the plurality of prompts. The enrollment logic 410, in some embodiments, is configured to associate the plurality of prompts with the user ID by presenting a set of pre-defined prompts to the user and receiving a selection of the plurality of prompts from the set. In additional embodiments, the enrollment logic 410 is further configured to allow the user to create a personalized prompt. The enrollment logic 410 can also comprise a computer readable medium that stores software instructions for performing these steps.

The login authentication logic 420 is configured to authenticate a claimant by performing an authentication method such as method 300 (FIG. 3) before providing the claimant with access to a particular account in a social network, in some embodiments. In an exemplary embodiment, the login authentication logic 420 is configured to receive a claimant target over a first channel, retrieve a device address associated with a user ID, send a prompt from the plurality of prompts to a device associated with the device address over a second channel, receive a biometric response to the prompt, and determine a match between the biometric response and a biometric template associated with the prompt. In some embodiments the claimant target comprises the user ID, while in other embodiments the authentication logic is further configured to determine the user ID from the claimant target. The authentication logic is further configured to send a key, in some instances, where the key can be used for encryption and/or creating a watermark. In some of these embodiments the prompt includes the key when sent. Encryption and watermarking are described in greater detail below. The login authentication logic 420 can also comprise a computer readable medium that stores software instructions for performing these steps.

The inter-user authentication logic 430 is configured to authenticate one user to another. For example, a first user sends an invitation to a second user. The second user recognizes the screen name of the first user as one used by a personal friend. Still, the nature of the invitation seems odd to the second user, so the second user requests authentication of the first user. The authentication logic 430 receives the request and in response sends to the second user at least a portion of either a biometric response of the first user, or at least a portion of a biometric template of the first user. The portion of the biometric response can be, for example, part of the biometric response given to the login authentication logic 420 during the most recent login by the first user. The portion of the biometric template of the first user can be, for example, all or part of the biometric template of the user that was acquired in step 250 and not associated with a prompt. The second user can then see, for example, a video of the first user and confirm that it is the personal friend.

Similarly, the second user may not recognize the screen name of the first user, but the first user is certified. Again, the inter-user authentication logic 430 receives a request for authentication of the first user and sends in response at least a portion of either a biometric response of the first user, or at least a portion of a biometric template. By viewing the content from the inter-user authentication logic 430, the second user can better decide whether to accept the invitation from the first user.

FIG. 5 shows an exemplary authentication method 500 that can be performed, for example, by a claimant such as to access an on-line account in a social network. The method 500 comprises a step 510 of submitting a claimant target over a first channel, a step 520 of receiving a prompt on a device, and a step 530 of submitting a biometric response to the prompt. In method 500, one of the two steps of receiving the prompt and submitting the biometric response is performed over a second channel. In some embodiments, the claimant performing the method 500 only has to perform these three steps to be authenticated. As was the case with the enrollment method 200, it should be appreciated that method 500 can also be performed in the absence of a trusted individual acting on behalf of the on-line community. In other words, whereas prior authentication systems rely on the presence of a trusted individual to assess authenticity, in method 500 the claimant does not need to interact with a trusted individual but can interact instead merely with a computing system.

In step 510, the claimant submits the claimant target, such as the user ID, to an authentication system, for example, or to some intermediary such as a merchant that then relays the claimant target to the authentication system. Since the method 500 can be performed by a claimant seeking to complete an electronic transaction from home, work, or in public, in step 510 the claimant can submit the claimant target from a PC at home, from a kiosk in a shopping mall, or from a terminal at a store check-out, for example. The claimant can submit the claimant target, according to various embodiments, by entering numbers and/or letters with a keyboard or keypad, swiping a magnetic card through a card reader, bringing an RFID tag within range of an RFID reader, writing with a stylus on a touch-sensitive pad, placing a finger on a fingerprint reader, speaking within range of a microphone, smiling for a camera, combinations thereof, and so forth.

Then, in step 520, the claimant receives a prompt on a device that the claimant has, or has ready access to. The device that receives the prompt may be a hand-held device such as a cell phone, PDA, or smart phone, or the device can be some other communication device such as a PC, and so forth, as described above. As also previously noted, examples of the prompt include a text message, e-mail, an Instant Message, an audio recording, a video, or synthesized speech. In some embodiments, the prompt includes a warning that if the recipient of the prompt is not seeking authentication, then an unauthorized authentication attempt is in progress and to contact the Administrator.

Next, in step 530, the claimant submits a biometric response to the prompt. The claimant can submit the biometric response, according to various embodiments, by writing with a stylus on a touch-sensitive pad, placing a finger on a fingerprint reader, placing one eye in proximity to an iris scanner, speaking within range of a microphone, speaking to a camera, combinations thereof, and so forth.

In method 500 one of the two steps of receiving the prompt 520 and submitting the biometric response 530 is performed over a second channel. For example, the claimant can submit the claimant target from a PC over a first channel in step 510, and receive the prompt with a cell phone over a second channel in step 520. Here, the claimant can provide the biometric response in step 530 over either the first channel or the second channel, in different embodiments. In another example, the claimant submits the claimant target from the PC over the first channel in step 510, the claimant receives the prompt on the PC again over the first channel (e.g., the prompt can be the following text message: “say your mother's maiden name”), the claimant's cell phone rings, and in step 530 the claimant submits the biometric response over the cell phone, here the second channel.

It will be appreciated that a method performed by an authentication system in this last example is a variant of the method 300 (FIG. 3) described above. In this variant, rather than sending the prompt over the second channel to the device associated with the device address in the step 340, a second channel is instead established to a device associated with the device address. Subsequently, rather than receiving a biometric response to the prompt in the step 350 over an unspecified channel, instead a biometric response to the prompt is specifically received over the second channel.

Additional security features that can be incorporated are further described below. For example, any of the electronic communications described herein can be encrypted according to well known encryption protocols. As another example, a watermark can be added to any biometric response sent to the authentication system. For instance, a webcam comprising a camera and a microphone can be set with a key. The key is transmitted to the user either through a secure channel or a separate channel so that unauthorized users would not be aware of the key. The watermark can be based at least in part on the key. For instance, image data can be altered by discrete cosine transform (DCT) coefficients based on the key. Of course, other algorithms can be similarly employed. Audio data can likewise be watermarked. The key used for watermarking can also be the same key employed for encryption, in some embodiments.

In the previous example, the key for the watermark can be transmitted to the claimant at the time of authentication for still further security. For instance, the prompt received over the second channel can include the key (e.g., “Please enter the following key to your webcam, wait for the red light, and then say your birth date.”). For still further security, the webcam (or any other device for recording a biometric response) can include a dedicated keypad for entering the key, where the keypad is not otherwise connected to any computing system. Here, there is no electronic way to intercept the key between the device that receives the key and the keypad of the webcam. For still further security the possible keys would be non-repeating so that a fraudulent authentication attempt can be determined by detecting the use of a previously used key. Even additional security can be achieved by having keys expire within a period of time, such as 30 seconds, after being issued.
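The key lifecycle described above (non-repeating keys, expiry after 30 seconds, and detection of a previously used key) can be sketched on the authentication-system side as follows. This is an added illustration, not code from the application; it assumes the system has already recovered the key from the watermark of the received response, and the class name, 8-digit key length and result labels are hypothetical.

```python
import secrets
import time

KEY_TTL_SECONDS = 30   # expiry period given as an example in the text
KEY_DIGITS = 8         # assumed length, short enough to type on a keypad


class WatermarkKeyRegistry:
    """Issues single-use watermark keys and classifies keys that come back."""

    def __init__(self, ttl=KEY_TTL_SECONDS, clock=time.monotonic):
        self.ttl = ttl
        self.clock = clock      # injectable so expiry can be tested
        self.pending = {}       # key -> (user_id, issued_at)
        self.spent = {}         # key -> user_id, for every key already presented

    def issue(self, user_id):
        """Create a key that has never been issued before (non-repeating)."""
        while True:
            key = f"{secrets.randbelow(10 ** KEY_DIGITS):0{KEY_DIGITS}d}"
            if key not in self.pending and key not in self.spent:
                break
        self.pending[key] = (user_id, self.clock())
        return key

    def redeem(self, user_id, key):
        """Classify the key recovered from a watermarked biometric response.

        Returns one of:
          "accepted" - live key, presented in time by the user it was sent to
          "expired"  - right user, but the time limit had passed
          "replayed" - key was already presented once: treat as fraudulent
          "unknown"  - never issued, or issued to a different user
        """
        if key in self.spent:
            return "replayed"
        entry = self.pending.get(key)
        if entry is None or entry[0] != user_id:
            return "unknown"
        issued_to, issued_at = entry
        # The key is consumed whatever the outcome, so a captured response
        # carrying this watermark can never be accepted later.
        del self.pending[key]
        self.spent[key] = issued_to
        if self.clock() - issued_at > self.ttl:
            return "expired"
        return "accepted"


if __name__ == "__main__":
    registry = WatermarkKeyRegistry()
    key = registry.issue("user-123")            # constructed user ID
    print("issued:", key)
    print("first use:", registry.redeem("user-123", key))
    print("second use:", registry.redeem("user-123", key))
```

A "replayed" result is the signal worth alerting on, since a legitimate claimant never has reason to present the same key twice.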

In some embodiments, the biometric entry device (e.g., webcam, fingerprint reader, etc.) does not have a dedicated keypad to enter a key. In some of these embodiments, the key can be entered through a shared keypad or keyboard. For example, a PC with an integrated webcam would allow the key to be entered on the PC's keyboard. Here, the PC can include logic that when activated, connects the keyboard to the biometric entry device and simultaneously disconnects the keyboard from the computer and disables the ability of other programs running on the PC to access key press notifications, thus rendering spyware ineffective. In some of these embodiments, the logic can render an onscreen prompt to enter the key for the biometric entry device. For further security, the logic can echo keystrokes and codes as asterisks or other characters so as not to expose the actual keystrokes.

In another embodiment, where a webcam or similar device acquires the biometric response, two video streams can be produced. The first video stream is neither encrypted nor watermarked and is displayed on a screen for the benefit of the claimant, while the second stream is encrypted and/or watermarked and sent to the authentication system. Here, anyone observing the displayed first video stream would not be able to infer that the second video stream is watermarked and/or encrypted. Having the first video stream provides the claimant with the ability to center her image in the field of view of the camera. Here, allowing the claimant to see her displayed image can potentially expose the image data to being captured with spyware. To avoid this, a further security feature comprises replacing the raw video image of the claimant with a placement indicator, such as an avatar. In this way, the claimant can center herself in the field of view by watching a representation of the claimant on the screen.

A still further security feature is achieved through hybrid prompts. A hybrid prompt is a prompt that the user selected during enrollment that is modified during authentication. For instance, the user during enrollment selects the prompt “Say your favorite movie.” Subsequently, during authentication, the claimant receives the hybrid prompt “Say your favorite movie, then say spark plug.” Here, the original prompt has been modified to also ask for random words or a random phrase. Voice recognition can then be employed to determine whether the words added to the original prompt were spoken in the biometric response. If so, voice identification can be applied to the portion of the biometric response that includes the response to the original prompt. Furthermore, that portion of the biometric response that includes the added random words can be saved as further biometric templates from the user.
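
The hybrid-prompt check can be sketched as follows. This is an added example, not code from the patent: the word list, the function names and the transcript format (word, start time, end time, as a speech recogniser might return) are assumptions, and the recogniser and voice-identification engines themselves are outside the sketch.

```python
import secrets

# Assumed pool of random words; a deployment would use a much larger list.
WORDS = ["spark", "plug", "lantern", "copper", "meadow", "anchor", "violet", "timber"]


def make_hybrid_prompt(enrolled_prompt, n_words=2):
    """Append freshly chosen random words to the prompt selected at enrollment."""
    challenge = secrets.SystemRandom().sample(WORDS, n_words)
    text = f"{enrolled_prompt.rstrip('.')}, then say {' '.join(challenge)}."
    return text, challenge


def split_response(transcript, challenge):
    """Check that the added words were spoken and split the response.

    transcript: list of (word, start_s, end_s) tuples from a speech recogniser.
    Returns None when the added words are missing, which is what a recording
    of an earlier answer to the original prompt would produce. Otherwise
    returns the time span to pass to voice identification and the span of the
    added words, which can be stored as a further template.
    """
    n = len(challenge)
    if len(transcript) <= n:
        return None
    tail = [w.lower().strip(".,") for w, _, _ in transcript[-n:]]
    if tail != [c.lower() for c in challenge]:
        return None
    answer, added = transcript[:-n], transcript[-n:]
    return {
        "answer_span": (answer[0][1], answer[-1][2]),
        "challenge_span": (added[0][1], added[-1][2]),
    }


# Constructed recogniser output for "The Matrix ... spark plug".
SAMPLE_TRANSCRIPT = [("the", 0.4, 0.6), ("matrix", 0.6, 1.1),
                     ("spark", 1.5, 1.9), ("plug", 1.9, 2.3)]
```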

FIG. 6 is a flow-chart representation of an exemplary method 600 for preventing a user from making certain misrepresentations in a social network. The method 600 comprises the step 210 of method 200 (FIG. 2) and additionally comprises a step 610 of associating the user ID with a biometric template of a first user. Step 610 can comprise the steps 230 and 240 of method 200, in some embodiments. Method 600 also comprises a step 620 of providing a prompt to the first user and storing a biometric response of the first user thereto in association with the user ID. Step 620 can comprise the steps 340 and 350 of method 300 (FIG. 3), in some embodiments. It will be appreciated that various embodiments of method 600 can include some or all of the other steps of methods 200 and 300. Each user of the social network that follows the steps 210, 610, and 620 provides the social network with a user ID associated with two biometric samples, one recorded as a template, the other provided in response to a prompt, for example, while logging into the social network to access an account. It will be understood that in some embodiments, only the biometric template or the biometric response needs to be associated with the user ID.

Method 600 also comprises a step 630 of receiving a request from a second user of the social network to authenticate the first user of the social network. Here, the second user may wish to verify certain representations made by the first user. For instance, the second user can request authentication of the first user to verify that the first user is not an imposter impersonating the person associated with a particular screen name. In other instances, the second user can request authentication of the first user to verify that representations made by the first user about age, gender, personal appearance, and so forth are legitimate.

Method 600 also comprises a step 640 of sending to the second user at least a portion of the biometric response of the first user, or at least a portion of the biometric template of the first user. In those embodiments in which only the biometric template or the biometric response is associated with the user ID, step 640 reduces to sending at least a portion of whichever biometric sample was associated with the user ID. It will be appreciated that for certain purposes either of the biometric response or the biometric template may be more relevant. For example, to verify that a user is not an imposter, the biometric response from the most recent login event would be more relevant than a biometric template recorded when an account was first established. Steps 630 and 640 can be performed by the inter-user authentication logic 430 (FIG. 4) in some embodiments.

FIG. 7 is a flow-chart representation of an exemplary method 700 for maintaining a social network. The method 700 comprises a step 710 of enrolling users in the social network, a step 720 of certifying enrolled users, and a step 730 of indicating to users of the social network which other users are certified. Here, the step 710 of enrolling users includes storing in association with a user ID for each enrolled user a voice template, a facial recognition template, the user's gender, and/or the user's age. The step 720 of certifying enrolled users is performed by using the voice template or the facial recognition template to verify the gender and/or age of each certified enrolled user.

Step 730 comprises indicating to users of the social network which other users are certified. This can be achieved, for example, by a visual indicator associated with screen names or screen images of certified users. For instance, screen names of certified users and/or their screen images (e.g., an image displayed in association with content and/or communications from a user) can be highlighted in various ways. Alternatively, or in addition, an icon can be displayed in association with certified users' screen names and/or screen images to indicate the certified status.

An optional step 740 further comprises restricting some users to communicate only with certified users. This can comprise, for example, restricting those users to communicate only with certified users that match a criterion like a gender or an age or age range. Step 740 can be implemented, for instance, in the context of parental controls so that a child is restricted to communicating with, and exchanging content with, only those other users that are certified to be children below a certain age or within a specified range of ages.

As noted previously with respect to methods 200 and 500, the present invention provides authentication of individuals without resort to a trusted individual to act on behalf of the organization, on-line community, social network, or the like. Instead, collection of biometric templates and biometric responses and the comparisons between them are performed by computing systems in these embodiments. Thus, it will be understood that the absence of a trusted individual is not restricted to being a feature of only embodiments of methods 200 and 500 but can also be a feature of embodiments of other methods described herein.

While some prior art systems do not require a trusted individual, such systems are susceptible to being fooled. A fingerprint recognition system, for example, can be fooled by a quality replica of a person's finger, or in the extreme case, by the amputated finger itself. Such a system merely verifies that a correct match was obtained but does not guarantee that the person being given access to an account (or to a secured space, or to a control system, for other examples) is truly the authorized person. Enrollment in a fingerprint recognition system, moreover, can be accomplished with an artificially generated fingerprint, for example, unless a trusted individual is present at the time of enrollment. As noted above, username/password login combinations can be guessed or stolen, so these also merely verify that a correct match was obtained, not that the person using the login combination is the authorized individual. Similarly, voice samples and other biometric data can be intercepted and replayed to defeat more sophisticated methods, so these also merely verify that a correct match was obtained, not that the person using the login combination is the authorized individual. Additionally, without a trusted individual present at enrollment, enrollment can be based on recording of other people's voices, and so forth.

The present invention will be recognized, therefore, as providing automated user enrollment, without a trusted individual, that positively ties the enrolling user to an account or other form of record, though the enrolling user may or may not still remain anonymous behind a fabricated screen name or other ID. The present invention can also, in some embodiments, verify certain representations made by the enrolling user during the enrollment, again without the involvement of a trusted individual. The present invention also provides automated authentication upon login that the individual logging in is not an imposter, again without the involvement of a trusted individual. The present invention can also provide biometric samples from either or both of the enrollment and any login event of a first user to a second user to authenticate the first user to the second user.

In the foregoing specification, the invention is described with reference to specific embodiments thereof, but those skilled in the art will recognize that the invention is not limited thereto. Various features and aspects of the above-described invention may be used individually or jointly. Further, the invention can be utilized in any number of environments and applications beyond those described herein without departing from the broader spirit and scope of the specification. The specification and drawings are, accordingly, to be regarded as illustrative rather than restrictive. It will be recognized that the terms “comprising,” “including,” and “having,” as used herein, are specifically intended to be read as open-ended terms of art.

1. A social network system comprising: enrollment logic comprising a first microprocessor and configured to enroll a first user in the social network by associating the first user with a user ID, associating a plurality of prompts with the user ID, associating a plurality of biometric templates each with one of the plurality of prompts, receiving an indication of the first user's gender, and verifying the first user's gender by analyzing a biometric template from the plurality of biometric templates; and authentication logic comprising a second microprocessor and configured to authenticate a claimant as the first user by receiving a claimant target, sending a prompt from the plurality of prompts, receiving a biometric response to the prompt, and determining a match between the biometric response and a biometric template associated with the prompt.
2. The social network of claim 1 wherein the enrollment logic is further configured to enroll the first user by receiving an indication of the first user's age and verifying the first user's age by analyzing the biometric template used to verify the first user's gender.
3. The social network of claim 1 wherein the enrollment logic is further configured to compare a biometric template of the plurality of biometric templates of the first user against a plurality of biometric templates of barred users, and deny enrollment to the first user based on a match between the biometric template of the plurality of biometric templates and one of the plurality of biometric templates of barred users.
4. A method for enrolling a user in a social network, the method comprising: associating the user with a user ID; associating a plurality of prompts with the user ID; associating a plurality of biometric templates each with one of the plurality of prompts; receiving an indication of the user's gender; and verifying the user's gender by comparing the indication of the gender with a result of an analysis of a biometric template from the plurality of biometric templates.
5. The method of claim 4 wherein comparing the indication with the biometric template comprises a manual comparison.
6. The method of claim 4 wherein comparing the indication with the biometric template comprises an automated comparison.
7. The method of claim 4 further comprising receiving an indication of the user's age, and verifying the user's age by comparing the indication with a biometric template from the plurality of biometric templates.
8. The method of claim 5 further comprising comparing a biometric template of the plurality of biometric templates of the user against a plurality of biometric templates of barred users, and denying enrollment to the user based on a match between the biometric template of the plurality of biometric templates and one of the plurality of biometric templates of the barred users.
9. A method for enrolling a user in a social network, the method comprising: associating the user with a user ID; associating a plurality of prompts with the user ID; associating a plurality of biometric templates each with one of the plurality of prompts; receiving an indication of the user's age; and verifying the user's age by comparing the indication with a biometric template from the plurality of biometric templates.
10. The method of claim 9 further comprising comparing a biometric template of the plurality of biometric templates of the user against a plurality of biometric templates of barred users, and denying enrollment to the user based on a match between the biometric template of the plurality of biometric templates and one of the plurality of biometric templates of the barred users.
11. A method for preventing a first user from making certain misrepresentations in a social network, the method comprising: associating the first user with a user ID; associating the user ID with a biometric template of the first user; providing a prompt to the first user and storing a biometric response of the first user thereto in association with the user ID; receiving a request from a second user of the social network to authenticate the first user of the social network; and sending to the second user at least a portion of the biometric response of the first user, or at least a portion of the biometric template of the first user.
12. A method for maintaining a social network comprising: enrolling users in the social network, wherein enrolling users includes storing in association with a user ID for each enrolled user a voice template, a facial recognition template, and either the user's gender or the user's age; certifying enrolled users by using their voice template or their facial recognition template to verify their gender or age; and indicating to users of the social network which other users are certified.
13. The method of claim 12 further comprising restricting some users to communicate only with certified users.
14. The method of claim 13 wherein restricting some users to communicate only with certified users includes restricting those users to communicate only with certified users that match a criterion.
15. The method of claim 14 wherein the criterion is gender.
16. The method of claim 14 wherein the criterion is an age range.
17. A social network system comprising: enrollment logic comprising a first microprocessor and configured to enroll a first user in the social network by associating the first user with a user ID, associating a plurality of prompts with the user ID, associating a plurality of biometric templates each with one of the plurality of prompts; and authentication logic comprising a second microprocessor and configured to authenticate a claimant as the first user by receiving a claimant target, sending a prompt from the plurality of prompts, receiving a biometric response to the prompt, and determining a match between the biometric response and a biometric template associated with the prompt, and further configured to authenticate the first user to a second user by sending at least a portion of the biometric response of the first user, or at least a portion of a biometric template of the plurality of biometric templates of the first user, to the second user.